SecureWorld Artificial Intelligence Virtual Conference 2026

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Peruse the many downloadable resources each booth has to offer.

Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.

As organizations rush to implement artificial intelligence, many are developing AI capabilities just to stay up with the competition, rather than to solve important challenges. This rush for visibility and innovation has resulted in a rising gap between existing AI systems and those that provide genuine value. The end effect is increased complexity, operational risk, and a misalignment of technology, business needs, and governance.

This session investigates why intention and discipline, simply not speed, are the foundations of good AI. It questions the premise that quicker AI adoption inherently leads to better outcomes and investigates how poorly specified AI initiatives frequently generate technical debt, privacy risks, and governance gaps while offering little demonstrable impact. Through a governance and risk-informed lens, the conversation focuses on what useful AI looks like when it is designed to address real operational bottlenecks, customer requirements, and business outcomes. It emphasizes the importance of responsible design, oversight frameworks, and cross-functional accountability in developing AI systems that are both innovative and sustainable.

Attendees will leave with a practical methodology for determining whether an AI idea is worth developing, how to incorporate responsibility and discipline into the AI lifecycle, and how to move beyond innovation theatre to AI that adds true value and has long-term impact.

Security governance for AI systems is stuck in 2015. GRC teams write PDF policies. Engineering teams ignore them. When a developer wants to connect a new tool to their AI agent, the review takes days. By the time the policy doc is updated, the architecture has changed twice.

This session presents a policy-as-code approach to AI governance that gives GRC teams direct control over runtime enforcement without requiring engineering deployments. Using OPA/Rego as the policy engine, governance rules become version-controlled, testable, and hot-reloadable artifacts that enforce at the point of action rather than the point of review.

The talk walks through real implementation: writing Rego policies that map to NIST 800-53 controls, building a policy bundle pipeline so GRC pushes updates without deployments, and separating policy ownership from infrastructure ownership so security teams and engineering teams stop blocking each other.

Key Learnings:

• Why document-based AI governance fails in fast-moving engineering organizations
• Implementing policy-as-code with OPA/Rego for AI agent runtime enforcement
• Mapping Rego policies to NIST 800-53 and ISO 27001 control families
• Building a GRC policy pipeline: version control, testing, hot-reload, and audit trails
• Organizational patterns for separating policy ownership from infrastructure deployment

With cybercrime losses exceeding $17.6 billion in 2025, Jared Lobato details how criminals leverage GenAI to enhance the scale, speed, and believability of fraud. Key topics include the use of deepfakes for government impersonation, AI-augmented sextortion, and nation-state strategies from actors like China and Russia to accelerate the cyber kill-chain.

The session highlights a critical shift toward autonomous hacking stacks that orchestrate multi-tool workflows for reconnaissance and exfiltration. While “AI as a Shield” initiatives like Project Glasswing offer defensive hope, the presentation warns that the exponential growth of offensive capabilities is rapidly commoditizing digital intelligence.

As AI agents become embedded across business workflows, they are gaining the ability to access data, interact with applications, and take action with increasing autonomy. While these capabilities can accelerate productivity, they also introduce new security challenges. An AI agent may have legitimate access to systems and data, yet still make decisions or take actions that create risk for the organization.

Join Proofpoint for this 45-minute breakout session examining how security teams can address the growing gap between AI access and AI control.

In this session, you’ll learn:

· How AI agents expand risk across enterprise applications, tools, and data

· Why visibility into AI activity is critical for effective governance

· Ways to reduce the risk of data exposure across prompts, responses, and automated workflows

· How guardrails and runtime protections help keep AI behavior aligned with business expectations

· Practical considerations for securing AI as adoption scales across the organization

Discover how organizations can gain greater visibility into AI activity, protect sensitive information, and establish the controls needed to confidently embrace autonomous AI.

Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.

AI adoption inside organizations is accelerating faster than governance frameworks can keep up. While much of the conversation focuses on securing large language models and understanding how they work, many organizations are overlooking a more immediate risk: how AI tools are being introduced, accessed, and used across the business.

This session reframes AI governance through a familiar lens—Governance, Risk, and Compliance (GRC). Rather than treating AI as a completely new and undefined risk category, we explore how existing security and risk management practices can be effectively extended to AI tools and platforms.

Most organizations don’t need a brand-new AI governance framework—they need to operationalize the one they already have.

Attendees will learn how to evaluate AI solutions using practical, established criteria: encryption in transit and at rest, access controls, data handling practices, regulatory alignment (HIPAA, PCI, SOC 2, where applicable), and disaster recovery capabilities. The session walks through how to incorporate AI into vendor risk assessments, third-party risk management programs, and internal control frameworks—delivering a pragmatic approach for security and risk leaders who need to move quickly without reinventing their entire governance model.

Attendees will leave with a practical, immediately actionable framework for governing AI tools using the GRC practices they already have—so they can safely enable AI in their organizations without waiting for the industry to agree on a standard.

• Understand why AI governance should be integrated into existing GRC frameworks rather than treated as a separate discipline
• Learn how to apply traditional risk assessment methodologies to AI tools and platforms
• Identify key control areas for AI: encryption, access controls, compliance alignment, data governance, and operational resilience
• Incorporate AI tools into vendor risk management and third-party assessment programs
• Walk away with a practical framework to begin governing AI immediately—starting Monday morning

Shadow AI is the new “Bring Your Own Device,” but the stakes are significantly higher. When employees feed proprietary code or sensitive data into unvetted LLMs, the perimeter doesn’t just leak—it dissolves. In this session, Hemanth Tadepalli breaks down the anatomy of AI Data Risk and provides a tactical roadmap for bringing these “shadow” operations into the light. Using the ISO 42001 framework as our North Star, we will discuss how to build a resilient AI Management System (AIMS) that tames the chaos of unauthorized AI usage while keeping your organization’s data under lock and key.

Session details to come.

Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.

Generative AI has made it trivial to create synthetic identities and autonomous agents that behave like real users until it is too late. Traditional IAM and API security focus on authentication rather than whether an identity should be trusted with a specific action.

Drawing on experience from LinkedIn identity systems and Oracle Health Sciences, this session explores how to design trust signals for AI-agent access. Attendees will learn architectural patterns for building a dedicated trust-signal layer, combining authentication with behavioral usage patterns and credential provenance.

The session will cover how to expose these signals to security controls and generate human-understandable explanations for access decisions, helping organizations safely adopt AI agents while defending against automated abuse.

AI agents are new, but the security questions are timeless: who owns the system, what can it access, what actions are allowed, and how do we respond when something goes wrong? As enterprise AI moves from pilots into workflows that retrieve data, call tools, update records, and trigger business actions, this session gives security and governance leaders a practical launch-readiness model covering ownership, risk tiering, data boundaries, identity, tool permissions, human approval, logging, exception handling,
and incident response.

Attendees will leave with a launch-readiness checklist that applies timeless security principles to enterprise AI agents: ownership, least privilege, layered control, human judgment, logging, resilience, and incident response.

AI is changing the economics of cyber risk. Vulnerabilities can now be discovered, prioritized, and exploited faster than many organizations can validate their real exposure. A logs-only view is no longer enough because logs show only what systems report, not everything attackers can reach. The highest-risk gaps often sit in east-west traffic, encrypted sessions, fast-moving cloud and container environments, and unsanctioned AI services operating outside formal oversight. 

Attendees will learn how network telemetry provides the evidence needed to make better security decisions. It helps teams determine which vulnerabilities are truly exploitable, uncover lateral movement and shadow AI usage, and prioritize detection and remediation around the most critical attack paths. The outcome is not just faster action, but measurably lower cyber risk and stronger business resilience.

Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.

Artificial Intelligence is no longer just a driver of productivity; it is the primary battlefield of modern global conflict. This session connects the dots between geopolitical volatility and the immediate risks to model integrity, data sovereignty, and cognitive security. We will examine how shifting alliances involving major powers like Russia, China, and the EU are reshaping the cyber threat landscape—specifically targeting sovereign AI clusters, decentralized compute networks, and the global semiconductor supply chain.

The discussion will pivot to the “internal” evolution of the sector, analyzing the rapid integration of Agentic AI in critical infrastructure and the resulting “black box” regulatory and privacy minefield. From state-aligned actors seeking to poison training datasets to sophisticated syndicates deploying automated exploit-generation engines, we will profile the adversaries threatening the global digital order.

Join us for a 2026 outlook that moves beyond mere ethical frameworks, offering a battle-tested strategy for maintaining operational resilience and model alignment in the face of unprecedented global instability.

Organizations are pivoting toward Agentic AI, which results in large-scale data misappropriation evolving from technical nuisance to board-level fiduciary crisis. Drawing on research submitted to the White House OSTP and the Purdue AI Management & Policy program, this session outlines a strategic blueprint for protecting proprietary data. Attendees will explore a Three-Pillar Defense: Technical Architecture, Product-Embedded Safeguards, and Policy-Driven Governance. This session bridges the gap between technical defense and executive risk reporting, providing a practitioner’s roadmap for operationalizing the NIST AI RMF to ensure long-term resilience and data integrity.

Attendees will gain a three-pillar strategic framework to reframe AI scraping as a board-level fiduciary risk while learning actionable steps to operationalize NIST AI RMF standards for long-term data integrity.

Fraud has always exploited trust. Deepfakes industrialize it.

This session explores a forensic analysis of the $25M Arup deepfake-enabled fraud case. Attendees will learn how attackers combined social engineering, real-time voice/video impersonation, and “routine” business processes to trigger high-value payments and approvals.

You’ll leave with a practical, investigation-ready response framework built for security leaders, fraud examiners, and risk teams working together:

• Triage: fast signal detection and decision routing when a request “feels real” but smells wrong
• Preserve: capturing the right artifacts (transactions, communications, video/voice originals, metadata) to avoid losing proof
• Validate: out-of-band confirmation and corroboration that separates deception from reality
• Report: bank/law enforcement escalation, internal notification, and documentation that stands up to scrutiny

We’ll also pressure-test common misconceptions; why “better deepfake detectors” won’t save you by themselves, how attackers weaponize urgency and authority, and which finance-process controls reduce loss fastest.

Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.